Hi,
As part of working on the CT Gossip draft [0] I find myself thinking about local trust anchors and how they might change browser behaviours.
My understanding is that Tor Browser behaves like Firefox wrt locally added CA certs. If that's correct, do you know if FF treats pinning the way the "What Is HPKP For?" post [1] describes it?
Another question that I find interesting is if TB could do better regarding fingerprintability based on what TLS session the browser accepts.
[0] https://datatracker.ietf.org/doc/draft-ietf-trans-gossip/
[1] https://noncombatant.org/2015/11/24/what-is-hpkp-for/